Your “right to be forgotten” under the new GDPR

With GDPR approaching fast you might have heard about your rights changing with regards to personal data. Scratching your head asking why this matters to me? We’ve summarised below.

These changes are all about protecting you, the end user from companies that misuse your data. This means how you’re impacted will depend on whether you are the one filling out the forms or analysing the data.

The chances are yes, we will all be impacted in some way or another.

If you are reading this then the odds are pretty good that you have both a Facebook account and use Google in a number of ways. You probably research new products online before purchasing and are happy to provide your email to your favourite brands in return for a bit of discount or insight into new products. You may have requested a quote for a service or ordered a product online, which of course involves handing over a fair amount of personal data.

But what if you don’t want them to keep this info?

One of the major changes coming into effect with GDPR is the requirement for companies, including social media giants, to erase your personal data upon your request. This is commonly being referred to as the “right to be forgotten”. It does not mean remove you from a mailing list, it means forgetting you completely! You should receive no more contact nor should any personal data be stored.

These changes are all part of the new Data Protection Bill coming into force next year, which makes it simpler for you to control how companies use your personal data. This includes the likes of your name, email address and mobile number. It also extends to requesting that your previous social media posts and pictures be deleted from servers forever. It will even include internet cookies and IP addresses pertaining to an individual.

The new regulations come with a hefty fine if ignored. The maximum penalty is set at £17m (previously £500,000).

Among other notable changes, the new rules are stricter enforcement on how consent works online. Users will now have to give ‘explicit consent’ for personal information to be collected. No more easily missed opt-out tick boxes. Instead, you will have to explicitly say you agree and tick that box as part of the process. They also need to explicitly state what it is the data will be used for. No infuriating mailing list subscriptions simply because you bought a product once.

It will also give individuals the right to request that organisations reveal the personal data being held on them free of charge without hassle, a right we imagine many will choose to test.

These rules will apply to all businesses big and small under the new GDPR, coming into force from May 2018. We’ll be exploring this more, including from a business perspective in our upcoming blog on GDPR 2018. It’s guaranteed to be worth a read, given that now SME’s will be under the microscope as much as large corporates with regards to data protection. These changes mean that there is now no escaping the laws or blaming your ignorance of them!

So what are your thoughts? Will you be evoking your right to be forgotten?

If you would like any additional information on how you think GDPR may affect your business or your usage of the internet, please get in touch.